Page III: Counter-terrorism adviser to four US presidents Richard Clarke discusses whether cyberterrorism is a misnomer or a real threat.
I think many companies have improved their security. Many are taking security seriously, spending the amounts of money they need to spend. If you go back about five years ago I think the average large company was spending 4 percent on its average IT spending. The average company is now spending about 8 percent. You and I both know you can double your spending on security and not achieve security. It's not just a matter of spending. Spending is an important indicator. That indicator would suggest that the companies are taking it more seriously, but it's also what they are spending it on and how they deploy it. Certain industries are doing a much better job. The financial services industry, at least in most modern countries, is doing a very good job.
There are a lot of disparate security bodies and user groups that don't seem to act in a coordinated way. A lot of them talk but don't seem to have a strategy or roadmap.
Well part of what we do is information sharing. Forums are great places to do that. But all too often the participants have no decision making authority in their own companies and the real problem is persuading the CIO or the CFO that there is a return on investment in increasing security. Information sharing forums are great for technical solutions but haven't been all that great in helping the CISO to tell their story to their superiors.
It seems that the most useful piece of information a CISO can have is how to get to the board member, the CEO or the CFOs, and make a case in their language. Every expertise speaks its own language. What would be useful for these user groups is learning ways to speak the language of the people who are making the decisions.
Do you miss working at the White House?
No. Not at all.
Would you ever go back?
Never. I spent 30 years there as a civil servant. And I consider that as 30 years of hard labour. No I don't think I could do it anymore.
Some people might say you came under a lot of flak when you did what you did [criticised the Bush administration]. Did you come under a lot of pressure?
There are those people who took it personally and that's unfortunate. I didn't think I had any choice in the matter. I didn't think or conceive of working for the Bush administration as much as for working for the American people. And the American people have a right to know certain things. What I wrote in the book would have come out anyway in the 9/11 commission investigation. Frankly there is some stuff I wanted to use in my book but I wasn't allowed to. The government did have to clear the book. Most of that information came out in the 9/11 commission. So my e-mails and my memos are in the 9/11 commission report. So it came out anyway, but I wanted to tell it in a coherent way and in a way that's usually understood.
Some people would criticise security professionals for going out and whistle blowing. What would you say about that?
There's a lot that anyone who has been in the security business as long as I have should never reveal because it will make it easier for terrorists and hackers. And we all have to be careful when we do write, that that information is not revealed. In the case of the United States, if you were in the government and you had top secret clearance, your books have to be reviewed by the government to make sure there's nothing in them that's revealing or could be used. There's a double check. You hopefully do it yourself, but the government does it for you too. There's nothing in my book that would in any way help an enemy.
Do you still regard yourself as a patriot?
Absolutely.
In the Michael Moore film Fahrenheit 9/11, Moore shows the scene when the president was informed of the 9/11 situation for the first time and he sits and reads a children's book for seven minutes. Is that true?
Yeah that's true.
What was happening where you were?
Well we were making decisions, we weren't waiting for him. During that time frame we were making the decision to ground all the 4,200 aircraft that were aloft at the time beginning with Washington and New York corridor and getting all the aircraft out of there. No one had ever done it before and we weren't sure that we could do it, but it worked.
It must have been a real test for the critical national infrastructure...
It was and for the most part it worked. Some of the problems we had were things like the companies with operation plans envisioned that the alternative headquarters for various departments would be staffed by people in the [original] headquarters.
That didn't work and the people in Washington couldn't get out. There were two million people trying to get out at the same time. All the roads, the metro and everything were jammed. So we couldn't get the continuity teams out to the continuity sites. That was something we discovered on 9/11 we didn't know before. Most of the system worked.
ZDNet UK's Dan Ilett reported from Barcelona.









Quote:
How much can governments see of what goes on in the Internet? Can they see every e-mail?
Oh no. There are technical and legal reasons. The legal reason, in the US at least, is that you need a court order for each person [to see each e-mail]. The technical reason is that there is too much traffic.
Isn't the whole implementation of the Carnivore server combined with the Patriot Act supposed to make a court order unnecessary?